“Bitcoin” is a known contemporary peer-to-peer (P2P) payment system introduced as open source software in the year 2009 by a developer, Satoshi Nakamoto. The Bitcoin payment system is operable such that payments in the system are recorded in a public ledger using its own unit of account, known as “bitcoin”. Although “bitcoin” is not the same as “real” money, for example fiat currencies such as the US dollar and the Euro, it is nevertheless commonly referred to as a “digital currency”, a “virtual currency”, electronic money, or “cryptocurrency”. The bitcoin system is not controlled by a single entity, such as a central bank, which has led the US Treasury to call bitcoin a “decentralized currency”. Moreover, on account of bitcoins being susceptible to being transferred directly from one person to another, bitcoins are sometimes described as being “digital cash”.
Bitcoins are created as a payment reward for processing work; such processing work involves users offering their computing power to verify and record payments into a public ledger associated with Bitcoin. Moreover, such processing work is referred to as “mining”, wherein, in practice, individuals or companies engage in processing work in exchange for transaction fees and newly created bitcoins. Besides mining, bitcoins can be obtained in exchange for other currencies, products and/or services. Moreover, users can send and receive bitcoins electronically for an optional transaction fee using wallet software executable on a personal computer, on a mobile communication device, or via use of a web application, for example.
Bitcoin as a form of payment for products and services has recently experienced growth. However, the European Banking Authority has warned that bitcoins lack consumer protections; bitcoins can be stolen, and chargebacks are impossible in an event of theft occurring. Commercial use of bitcoin is presently small compared to its use by financial speculators.
In the aforementioned bitcoin system, an important element is a ledger. The ledger records financial transactions which have been executed using bitcoins. Recording such financial transactions is accomplished without an intermediation of any single, central authority. Instead, multiple intermediaries exist in a form of computer servers executing bitcoin software. These computer servers form a network connected via the Internet, wherein anyone can potentially join the network. Transactions accommodated by the network are of a form: “payer A wants to send Z bitcoins to payee B”, wherein the transactions are broadcast to the network using readily available software applications. The computer servers function as Bitcoin servers that are operable to validate these financial transactions, add a record of them to their copy of the ledger, and then broadcast these ledger additions to other servers of the network.
Just as a ledger can be used to record transfers of conventional fiat money such as US dollars, all bitcoin transfers are recorded in a computer file that acts as a ledger called a “block chain”. Whereas a conventional ledger records a transfer of actual dollar bills or promissory notes that exist apart therefrom, bitcoins are simply entries in a block chain and do not exist outside the block chain. However, this then requires that the integrity and accuracy of entries in the block chain be reliable in order for the Bitcoin system to function in practice.
Maintaining the block chain is referred to as “mining”, and those who do such maintenance are rewarded with newly created bitcoins and transaction fees as aforementioned. Miners may be located on any of Earth's continents and process payments by verifying each transaction as valid and adding it to the block chain; such verification is achieved via consensus provided by a plurality of miners, and assumes that there is no systematic collusion. In the year 2014, payment processing is contemporarily rewarded with twenty five newly created bitcoins per block added to the block chain. To claim a reward for mining, a special transaction called a coinbase is included with the processed payments. All bitcoins in circulation can be traced back to such coinbase transactions. There is thus employed a bitcoin protocol which specifies that the reward for miners adding a block will be halved to 12.5 bitcoins in the year 2017, and halved again approximately every four years. Eventually, the reward will be removed entirely when an arbitrary limit of 21 million bitcoins is reached in circa year 2140, and transaction processing will then be rewarded solely by transaction fees. Paying a transaction fee is optional, but may speed up confirmation of the transaction executed in bitcoins. Payers of bitcoins have an incentive to include transaction fees because their transactions will likely be added to the block chain sooner; miners can choose which transactions to process and prefer to include those that pay fees.
Ownership of bitcoins associated with a certain bitcoin address can be demonstrated with knowledge of a private key belonging to the address. For a given owner, it is important to protect the private key from loss or theft. If a private key of a given user is lost, the given user cannot prove ownership by any other means. The bitcoins are then lost and cannot be recovered. Since anyone with knowledge of the private key has ownership of any associated bitcoins, theft occurs when a private key is revealed or stolen. Thus, a technical problem addressed by the present disclosure is how to trade more readily in bitcoins, and yet maintain a high degree of security in respect of such private keys.
The public nature of bitcoin means that, while those who use it are not identified by name, linking transactions to individuals and companies is feasible. Moreover, many jurisdictions require exchanges, where users can buy and sell bitcoins for cash, to collect personal information. In order to obfuscate a link between users and their transactions, some users employ a different bitcoin address for each transaction and other users rely on “mixing services” that allow users to trade bitcoins whose transaction history implicates them for coins with different transaction histories.
Bitcoins can be bought and sold in respect of many different types of contemporary fiat currencies, for example from individuals and companies. A contemporarily fast way to purchase bitcoins is in person or at a bitcoin ATM for cash. Participants in online exchanges offer bitcoin buy and sell bids. Using an online exchange to obtain bitcoins entails some risk, and according to one study, 45% of exchanges fail and take client bitcoins with them. Since bitcoin transactions are irreversible, sellers of bitcoins must take extra measures to ensure they have received contemporary fiat currency funds from an associated buyer.
In the Bitcoin system, bitcoins can be kept in wallets, in a manner somewhat akin to contemporary fiat currencies. Whereas bitcoin wallets are often described as being a place to hold or store bitcoins, due to the nature of the Bitcoin system, bitcoins are inseparable from the block chain transaction ledger, as aforementioned. Thus, a bitcoin wallet is something “ . . . that stores digital credentials for a given user's bitcoin holdings . . . ” and allows the given user to access and spend them. The Bitcoin system utilizes public-key cryptography, in which two cryptographic keys, one public key and one private key, are generated. The public key can be thought of as being an account number, and the private key can be thought of as being ownership credentials. At its most basic, a bitcoin wallet is a collection of these keys. However, most bitcoin software also includes a functionality to make bitcoin transactions.
Bitcoin wallet software, sometimes referred to as “bitcoin client software”, allows a given user to transact bitcoins. A wallet program generates and stores private keys, and communicates with peers on the bitcoin network. A first wallet program called “Bitcoin-Qt” was released in the year 2009 by Satoshi Nakamoto as open source code; Bitcoin-Qt is also sometimes referred to as the “Satoshi client”. The wallet program can be used as a desktop wallet for payments or as a server utility for merchants and other payment services. Moreover, Bitcoin-Qt is sometimes referred to as being the reference client, because it serves to define a bitcoin protocol and acts as a standard for other implementations. As of version 0.9, Bitcoin-Qt has been renamed “Bitcoin Core” to describe its role in the Bitcoin network more accurately. When making a purchase with a mobile communication device, for example a smart phone, QR codes are used ubiquitously to simplify transactions. Several server software implementations of the bitcoin protocol exist. So-called full nodes on the Bitcoin network validate transactions and blocks they receive, and relay them to connected peers for providing consensus verification of bitcoin transactions.
An important issue in relation to bitcoin security is the prevention of unauthorized transactions occurring in respect of a given user's bitcoin wallet. A bitcoin transaction permanently transfers ownership of a bitcoin to a new address, wherein the transaction has an associated data string having a form of random letters and numbers derived from public keys by application of a hash function and encoding scheme. The corresponding private keys act as a safeguard for the given user; a valid payment message from an address must contain an associated public key and a digital signature proving possession of the associated private key. As anyone with a private key can spend all of the bitcoins associated with the corresponding address, protection of private keys is very important in the Bitcoin system. Loss of a private key potentially results in theft; a risk of theft occurring can be reduced by generating keys offline on an uncompromised computer and saving them on external storage devices or paper printouts.
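The derivation of an address string from a public key, as described above, is illustrated by the following added example; it is not code from the original disclosure. It assumes the standard Bitcoin scheme in which a 20-byte hash of the public key (SHA-256 followed by RIPEMD-160) is prefixed with a version byte, extended with a four-byte double-SHA-256 checksum, and encoded in Base58. The checksum is what lets wallet software reject a mistyped or altered address before any irreversible payment is made. The all-zero 20-byte hash used in the usage call is a constructed input whose encoding is a well-known address.

```python
import hashlib

# Base58 alphabet used by Bitcoin: no 0, O, I or l, to avoid visual confusion.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
P2PKH_VERSION = b"\x00"  # version byte for ordinary pay-to-public-key-hash addresses


def sha256d(data: bytes) -> bytes:
    """Double SHA-256, as used for the address checksum."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def hash160(pubkey: bytes) -> bytes:
    """RIPEMD-160(SHA-256(pubkey)). RIPEMD-160 may be unavailable in some
    OpenSSL builds, in which case hashlib.new() raises ValueError."""
    return hashlib.new("ripemd160", hashlib.sha256(pubkey).digest()).digest()


def base58_encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    out = ""
    while n > 0:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    # Each leading zero byte is represented by a leading '1'.
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def base58_decode(text: str) -> bytes:
    n = 0
    for ch in text:
        if ch not in ALPHABET:
            raise ValueError(f"invalid base58 character {ch!r}")
        n = n * 58 + ALPHABET.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def address_from_hash160(h160: bytes, version: bytes = P2PKH_VERSION) -> str:
    """version || hash160 || first 4 bytes of sha256d(version || hash160), Base58-encoded."""
    if len(h160) != 20:
        raise ValueError("hash160 must be 20 bytes")
    payload = version + h160
    return base58_encode(payload + sha256d(payload)[:4])


def parse_address(address: str):
    """Return (version, hash160) or raise ValueError if the checksum does not match."""
    raw = base58_decode(address)
    if len(raw) != 25:
        raise ValueError("wrong decoded length")
    payload, checksum = raw[:-4], raw[-4:]
    if sha256d(payload)[:4] != checksum:
        raise ValueError("checksum mismatch: mistyped or altered address")
    return payload[:1], payload[1:]


def is_valid_address(address: str) -> bool:
    try:
        parse_address(address)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed input: the all-zero public-key hash.
    addr = address_from_hash160(b"\x00" * 20)
    print(addr, is_valid_address(addr), is_valid_address(addr[:-1] + "3"))
```

A payment application would call is_valid_address() on any address obtained from a QR code or the clipboard before constructing a transaction; a single altered character fails the checksum, whereas a wholesale substitution of a different valid address (as in the clipboard-replacement malware discussed below) does not, and must be caught by the user comparing the address shown to the one intended.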
A first bitcoin ATM was installed in October 2013 in Vancouver, British Columbia, Canada. By 23 Nov. 2013, the total market capitalization of bitcoin exceeded US$10 billion. Growth of the bitcoin supply is predefined by the bitcoin protocol. Presently, there are over twelve million bitcoins in circulation with an approximate creation rate of twenty five bitcoins every ten minutes. The total supply of bitcoins is capped at an arbitrary limit of twenty one million bitcoins, and every four years the creation rate of bitcoins is halved. This means new bitcoins will continue to be released for more than a hundred years.
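The following added example (not part of the original disclosure) computes the supply schedule described in this paragraph and in the discussion of mining rewards above. It assumes the Bitcoin consensus rule that the block reward starts at 50 bitcoins, is halved every 210,000 blocks (about four years at one block per ten minutes), and is computed in integer satoshis (one bitcoin is 100,000,000 satoshis) with the fractional remainder discarded at each halving; it is that discarded remainder which makes the final total fall just short of twenty one million.

```python
SATOSHI_PER_BTC = 100_000_000
INITIAL_SUBSIDY = 50 * SATOSHI_PER_BTC
HALVING_INTERVAL = 210_000          # blocks between halvings (Bitcoin consensus rule)
BLOCKS_PER_YEAR = 6 * 24 * 365      # at the ten-minute average block time


def block_subsidy(height: int) -> int:
    """Newly created satoshis paid by the coinbase of the block at `height`.
    Integer right shift discards fractions, exactly as the reference client does."""
    halvings = height // HALVING_INTERVAL
    if halvings >= 64:
        return 0
    return INITIAL_SUBSIDY >> halvings


def total_supply_satoshi() -> int:
    """Sum of all subsidies over all eras until the subsidy reaches zero."""
    total, era = 0, 0
    while True:
        subsidy = block_subsidy(era * HALVING_INTERVAL)
        if subsidy == 0:
            return total
        total += subsidy * HALVING_INTERVAL
        era += 1


def supply_after(height: int) -> int:
    """Satoshis created by blocks 0 .. height-1."""
    return sum(block_subsidy(h) for h in range(height))


def years_until_final_halving(start_year: int = 2009) -> int:
    """Approximate calendar year of the last block that carries any subsidy."""
    last_era = 0
    while block_subsidy(last_era * HALVING_INTERVAL) > 0:
        last_era += 1
    last_height = last_era * HALVING_INTERVAL
    return start_year + last_height // BLOCKS_PER_YEAR


if __name__ == "__main__":
    print("subsidy in 2014 era:", block_subsidy(300_000) / SATOSHI_PER_BTC, "BTC")
    print("total supply:", total_supply_satoshi() / SATOSHI_PER_BTC, "BTC")
    print("last subsidised year (approx.):", years_until_final_halving())
```

The cap of twenty one million bitcoins is therefore not a stored constant but a consequence of the halving schedule; any implementation that rounded the subsidy differently would diverge from the rest of the network at the first era in which the rounding matters.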
Financial journalists and analysts, economists, and investors have attempted to predict a possible future value of bitcoin. When bitcoins potentially attain a very high value per bitcoin, relative to known fiat currencies such as USD and Euro, executing small purchases via use of bitcoins, for example in shops, boutiques and cafeterias, becomes a technical problem.
A theft of a given bitcoin is an unauthorized transfer from a bitcoin address using an associated private key to unlock the address. On account of bitcoin transactions being irreversible and the identity of users difficult to unmask, it is rare that stolen bitcoins are recovered and returned. Theft occurs on a regular basis despite claims made by the Bitcoin Foundation that theft is impossible. However, as aforementioned, generating and storing keys offline mitigates the risk of theft. Most large-scale bitcoin thefts occur at exchanges or online wallet services that store the private keys of many users. A thief hacks into an online wallet service by finding a bug in its website or spreading malware to computers holding the private keys.
Bitcoin-related malware includes software that steals bitcoins from users by using a variety of techniques, for example by employing software that uses infected computers to mine bitcoins, and different types of ransomware, which disable computers or prevent files from being accessed until some payment is made. Security company Dell SecureWorks had, in February 2014, allegedly identified 146 types of bitcoin malware; about half of such malware is undetectable with standard antivirus scanners.
Some malware can steal private keys for bitcoin wallets allowing the bitcoins themselves to be stolen. The most common type of malware searches computers for cryptocurrency wallets to upload to a remote server where they can be cracked and their bitcoins stolen. Many of these also log keystrokes to record passwords, often avoiding the need to crack the keys. A different approach detects when a bitcoin address is copied to a clipboard and quickly replaces it with a different address, tricking people into sending bitcoins to the wrong address. This method is effective for stealing bitcoins, because bitcoin transactions are irreversible, as aforementioned.
The Bitcoin network itself is potentially vulnerable to attack and corruption, as will now be elucidated. There are two main ways the blockchain ledger can be corrupted to steal bitcoins, namely by fraudulently adding to or modifying it. The Bitcoin system protects the blockchain against both using a combination of digital signatures and cryptographic hashes.
Payers and payees using the Bitcoin system are identified in the blockchain by their public cryptographic keys. Most contemporary bitcoin transfers are from one public key to a different public key; in practice hashes of these keys are used in the blockchain, and are called “bitcoin addresses”. In principle, a hypothetical attacker person A could steal money from person B and person C by simply adding transactions to the blockchain ledger like “person B pays person A 100 bitcoins”, “person C pays person A 200 bitcoins”, and so on, using of course these users' bitcoin addresses instead of their names. The bitcoin protocol prevents this kind of theft by requiring every transfer to be digitally signed with the payer's private key; only signed transfers can be added to the blockchain ledger. Since person A cannot forge person B's signature, person A cannot defraud person B by adding an entry to the blockchain equivalent to “person B pays person A 200 bitcoins”. At the same time, anyone can verify person B's signature using his/her public key, and therefore that he/she has authorized any transaction in the blockchain where he/she is the payer.
Another principal manner in which to steal bitcoins is to modify blockchain ledger entries. Aforementioned person A could buy something from person B, like a digital church organ or a yacht, by adding a signed entry to the blockchain ledger equivalent to “person A pays person B 200 bitcoins”. Later, after receiving the digital church organ or yacht, person A could modify that blockchain ledger entry to read instead: “person A pays person B 2 bitcoins”, or even delete the entry. Digital signatures cannot prevent this attack: person A can simply sign his/her entry again after modifying it.
To prevent modification attacks, the Bitcoin system first requires entries be added to the blockchain in groups or blocks, not one at a time. More importantly, each block must be accompanied by a cryptographic hash of three things:
(i) a hash of the previous block;
(ii) the block itself; and
(iii) a number called a nonce.
A hash of only the first two items will, like any cryptographic hash, always have a fixed number of bits, for example 256 for SHA-256. The nonce is a number which, when included, yields a hash with a specified number of leading zero bits. On account of cryptographic hashes being essentially random, in the sense that their output cannot be predicted from their inputs, there is only one known way to find the nonce: to try out integers one after the other, for example 1, then 2, then 3, and so on. This process is called “mining”. The larger the number of leading zeros, the longer on average it will take to find a requisite nonce. The Bitcoin system constantly adjusts the number of leading zeros, so that the average time to find a nonce is about ten minutes. That way, as processing capabilities of computing hardware increase with time, over the years, the bitcoin protocol will simply require more leading zero bits, so that mining always takes about ten minutes per block.
This Bitcoin system prevents modification attacks, in part, because an attacker has to recalculate all the hashes of the blocks after the modified one. In the example above, if person A wants to change 200 bitcoins to 2 bitcoins, he/she will not only have to recompute the hash of the block in which the transaction is recorded, but also compute the hash of all the blocks that come after it; he/she will have to recreate the chain of blocks, which is extremely difficult. He/she can do this, but it will take him/her time, about ten minutes on average per block. However, during that time, the network will continue to add blocks, and it will do so much faster than person A can mine. Person A would have to recalculate all the blocks before the network could add a new one, or at least catch up with or overtake the network's miners. To do this, he/she would have to have roughly as much computing power as a majority of the existing bitcoin miners combined. This would be very expensive and, if the bitcoin network were large enough, likely infeasible to implement. Moreover, because of financial incentives to mine described below, it will make more financial sense for person A to devote his/her resources to normal bitcoin mining instead. Thus, the Bitcoin system protects against fraudulent blockchain modifications by making them expensive and, if a given attacker is rational, unappealing because it makes less financial sense than becoming a miner. These attacks become more expensive and less feasible as the number of miners increases, making the whole Bitcoin system even more secure.
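The proof-of-work mechanism of items (i) to (iii) above, and the reason a modified block invalidates every block after it, are illustrated by the following added example, which is not code from the original disclosure. It is a deliberately simplified model: the difficulty is a whole number of leading zero bits rather than Bitcoin's 256-bit numeric target, blocks are JSON objects rather than 80-byte headers, a single SHA-256 is used, and the difficulty of 12 bits and the three transaction batches are constructed so that the demonstration runs in well under a second. The adjust_difficulty() helper is likewise an assumed simplification of the retargeting rule, using the fact that each extra zero bit doubles the expected number of hash attempts.

```python
import hashlib
import json
import math
from dataclasses import dataclass

# Constructed toy parameters, not Bitcoin's real values.
DIFFICULTY_BITS = 12
GENESIS_PREV = "0" * 64


def leading_zero_bits(hex_digest: str) -> int:
    """Number of leading zero bits in a 256-bit digest given as hex."""
    return 256 - int(hex_digest, 16).bit_length()


@dataclass
class Block:
    prev_hash: str        # (i) hash of the previous block
    transactions: list    # (ii) the block itself, e.g. "A pays B 200"
    nonce: int = 0        # (iii) the number found by mining

    def serialize(self, nonce=None) -> bytes:
        n = self.nonce if nonce is None else nonce
        return json.dumps({"prev": self.prev_hash, "tx": self.transactions, "nonce": n},
                          sort_keys=True).encode()

    def hash(self) -> str:
        return hashlib.sha256(self.serialize()).hexdigest()


def mine(block: Block, bits: int = DIFFICULTY_BITS) -> Block:
    """Try nonces 1, 2, 3, ... until the block hash has at least `bits` leading zeros."""
    nonce = 0
    while True:
        nonce += 1
        digest = hashlib.sha256(block.serialize(nonce)).hexdigest()
        if leading_zero_bits(digest) >= bits:
            block.nonce = nonce
            return block


def build_chain(tx_batches, bits: int = DIFFICULTY_BITS) -> list:
    chain, prev = [], GENESIS_PREV
    for txs in tx_batches:
        block = mine(Block(prev, list(txs)), bits)
        chain.append(block)
        prev = block.hash()
    return chain


def validate_chain(chain, bits: int = DIFFICULTY_BITS):
    """Return (True, None) for a valid chain, else (False, index of first bad block).
    A block is bad if it does not link to its predecessor or lacks proof of work."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        digest = block.hash()
        if block.prev_hash != prev or leading_zero_bits(digest) < bits:
            return False, i
        prev = digest
    return True, None


def adjust_difficulty(bits: int, observed_seconds: float, target_seconds: float = 600.0) -> int:
    """Simplified retarget: expected work is 2**bits hashes, so move by
    log2(target/observed) bits to bring the average block time back to target."""
    return max(1, bits + round(math.log2(target_seconds / observed_seconds)))


def tamper_demo(bits: int = DIFFICULTY_BITS):
    """Build a 3-block chain, alter block 1's payment as in the text, and report how
    validation fails first without, then with, re-mining the altered block."""
    chain = build_chain([["coinbase -> A 25"], ["A pays B 200"], ["B pays C 50"]], bits)
    assert validate_chain(chain, bits) == (True, None)
    chain[1].transactions = ["A pays B 2"]          # the modification attack
    broken_unmined = validate_chain(chain, bits)    # block 1 no longer meets the target
    mine(chain[1], bits)                            # attacker re-mines block 1 ...
    broken_remined = validate_chain(chain, bits)    # ... but block 2 still links to the old hash
    return broken_unmined, broken_remined


if __name__ == "__main__":
    print(tamper_demo())
```

Re-mining block 1 only moves the failure to block 2, whose stored prev_hash no longer matches; the attacker must therefore re-mine every later block as well, while honest miners keep extending the original chain at the same difficulty.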
The Bitcoin system is based on an innovative solution of a problem common to all digital currency and payment schemes, namely “double-spending”. With paper money or physical coins, when a given payer transfers money to a given payee, the payer cannot keep a copy of that dollar bill or coin. With digital money, which is just a computer file, this is not the case, and the payer could in principle spend the same money again and again by repeatedly copying the file. With bitcoin, when person A offers to pay person C some bitcoins, person C can always first check the blockchain ledger to verify that person A actually owns that many bitcoins. Of course, person A could try to pay many people simultaneously, but the Bitcoin system can defend against that. If person A offers to pay person C some bitcoins in exchange for goods, person C can stipulate that he/she will not deliver the goods until person A's payment to person C appears in the blockchain, which typically involves waiting about ten minutes. However, such a long period of waiting is inappropriate when making small purchases using bitcoins, for example in a boutique, ticket office or cafeteria.
A race attack in the Bitcoin system can potentially occur as follows: if the bitcoin transaction has no confirmations, shops and services which accept payment via bitcoins can be exposed to a “race attack”. For example, two bitcoin transactions are created for the same funds to be sent to different shops/services. Bitcoin system rules ensure that only one of those bitcoin transactions can be added to the block chain. Shops can take numerous precautions to reduce this type of race attack.
In an event of a Finney attack in the Bitcoin system, shops or services which accept bitcoin transactions without any confirmation are affected. A Finney attack is an attack which requires the participation of a miner to premine a block, and then send the bitcoin money to be defrauded back to the fraudster. The risk of such an attack cannot be reduced to nothing, regardless of preventative measures taken by shops or services, but it does require the participation of a miner and an ideal combination of contributing factors. The miner risks losing the block reward. In a similar manner to the race attack, the shop or service must seriously consider its policies concerning bitcoin transactions which are implemented without any confirmation.
A “Vector76” attack, namely an attack with confirmation, is a combination of the two aforementioned attacks, which gives a perpetrator an ability to spend funds twice simply by employing a confirmation. Moreover, a brute force attack is possible even if the shop or service is expecting several transaction confirmations. It requires the attacker to be in possession of relatively high-performance hardware, capable of a high hash frequency. In the brute force attack, the attacker sends a bitcoin transaction to the shop paying for a product/service, and at the same time continues looking for a connection in the block chain, namely for a block chain fork, which recognizes this transaction. After a certain number of confirmations, the shop sends the product. If the attacker has found more than N blocks at this point, he/she breaks his/her block chain fork and regains his/her money, but if the attacker has not succeeded in doing this, the attack can be deemed a failure and the funds are sent to the shop, as should be the case. The success of this brute force attack depends on the speed, namely the hash frequency, of the attacker and the number of confirmations for the shop/service. For example, if the attacker possesses 10% of the calculation power of the bitcoin network and the shop expects 6 confirmations for a successful transaction, the probability of success of such a brute force attack will be 0.1%.
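The dependence of the brute force attack on the attacker's share of hash power and on the number of confirmations, and the confirmation policy that the race and Finney attack paragraphs above ask a shop to consider, are illustrated by the following added example, which is not code from the original disclosure. It assumes the model of the Bitcoin white paper (Nakamoto, 2008, section 11): the attacker's catch-up is a race of Poisson-distributed block finds, q is the attacker's fraction of network hash power, and z is the number of confirmations the shop waits for. Under that model the success probability with q = 10% drops below 0.1% once five or more confirmations are required, and it never drops below the attacker's advantage if q reaches 50%.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with hash-power fraction q ever catches up
    from z blocks behind (white paper, section 11). Returns 1.0 for q >= 0.5."""
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a fraction in [0, 1]")
    if z < 0:
        raise ValueError("z must be non-negative")
    if q >= 0.5:
        return 1.0
    p = 1.0 - q
    lam = z * q / p                      # expected attacker blocks while honest chain finds z
    total = 0.0
    for k in range(z + 1):               # attacker has found k blocks so far
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        total += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - total


def confirmations_needed(q: float, max_risk: float, z_limit: int = 1000):
    """Smallest z such that the attacker's success probability is below max_risk,
    or None if no number of confirmations suffices (q >= 0.5)."""
    if q >= 0.5:
        return None
    for z in range(z_limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return None


def confirmation_policy(amount_btc: float, q: float = 0.1, max_risk: float = 0.001,
                        zero_conf_limit_btc: float = 0.01) -> int:
    """A shop's policy (constructed for illustration): accept zero confirmations
    only for very small payments, otherwise wait for enough confirmations to
    hold the assumed attacker below the accepted risk."""
    if amount_btc <= zero_conf_limit_btc:
        return 0
    return confirmations_needed(q, max_risk)


if __name__ == "__main__":
    for z in range(0, 7):
        print(f"q=10%, z={z}: {attacker_success_probability(0.1, z):.6f}")
    print("confirmations for q=10%, risk<0.1%:", confirmations_needed(0.1, 0.001))
    print("confirmations for q=30%, risk<0.1%:", confirmations_needed(0.3, 0.001))
```

The zero-confirmation threshold in confirmation_policy() is precisely the window in which the race and Finney attacks apply; a shop that wants to remove that window entirely sets the threshold to zero and accepts the waiting time the text describes as inappropriate for small purchases.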
It will be appreciated from the foregoing that the Bitcoin system has several potential weaknesses when employed in practice to make payments. However, increasingly, users are desirous to use bitcoins to make small everyday payments, for example in shops, in boutiques, and in cafeterias. Contemporary mobile Bitcoin payment systems are based on multiple steps and require mobile application software (“apps”) to be downloaded into a mobile wireless communication device, for example a smart phone, and a mobile Internet connection to be available. Moreover, bitcoin transaction authentication, as described in the foregoing, requires time and a significant amount of communication resources. Furthermore, authorization of Bitcoin-based transactions takes a long time and involves multiple steps, namely:
(i) payment with bitcoins involves multiple steps to be performed by a given user;
(ii) payment with bitcoins takes a long time to implement securely; and
(iii) payment with bitcoins is not user-friendly.